By Federico Maggi, Rainer Vosseler (Trend Micro Research), Mars Cheng, Patrick Kuo, Chizuru Toyama, Ta-Lun Yen (TXOne Networks), Erik Boasson (ADLINK), and Victor Mayoral Vilches (Alias Robotics)
Despite being unknown even to industry practitioners, the Data Distribution Service (DDS) protocol has been in use for more than a decade. This middleware software technology is responsible for running billions of public and private devices and mechanisms currently in use. DDS is integral in embedded systems that require real-time machine-to-machine communication, facilitating a reliable communication layer between sensors, controllers, and actuators.
This technology is situated at the beginning of the supply chain as a layer that connects, controls, and monitors applications, sensors, and actuators, aimed at maintaining interoperability and fault tolerance. It is used in various critical sectors such as healthcare, transportation, industrial internet of things (IIoT), robotics, aeronautics, and the military, among others. Given these factors, this makes the middleware technology an attractive target for attackers.
We analyzed this software and found multiple security vulnerabilities. This blog lists 13 identified security gaps that were assigned new CVE IDs found in the six most common DDS implementations, mostly concerning deployment. We also show a preview of the security gaps we found in the standard’s specification and a summary of our testing procedure. For details on the known vulnerabilities, attack scenarios, and research methodology, read our full paper “A Security Analysis of the Data Distribution Service (DDS) Protocol.” All the vulnerabilities found have been disclosed and patched or mitigated